The security breach involving the Key Skills tests involved the posting of supposedly secret trial papers on a personal website run by a teacher at Carmarthenshire College in west Wales.

The problem had been noticed by some students at another college who e-mailed BBC News Online to say they were "shocked".

The key question troubling the Qualifications and Curriculum Authority (QCA) and its Welsh counterpart, ACCAC, was how many people saw - or downloaded - the papers before they were removed.

The homepage-style website was run by Carmarthenshire lecturer Steve Bell as "a resource for anyone interested in teaching, learning or managing Key Skills".

"Please remember that these are trial papers and so may differ in subtle ways from the actual papers," he wrote.

He added: "... they are certainly of a similar standard to the example tests published by QCA earlier this year".

Downloadable files

A page bearing the date 19 December 2000 included papers for levels 1, 2 and 3 of the tests in communication, information technology and application of number, along with associated data.

These were available as portable document format (PDF) files - widely used as a way of reproducing paper documents.

PDFs can be read on screen but would be most easily read if printed off - and can be downloaded easily to a user's computer. The website explained how to do this.

The front page of the site had a counter recording the number of visitors which was showing just over 250 when the pages were emptied. The page the papers were on had no counter.

The company which hosts the site, Claranet, has access logs for the pages. A spokesman said the Data Protection Act would allow it to show these to "a competent public authority".

BBC News Online technology correspondent, Mark Ward, writes:

The internet is a network of networks, which only works as well as it does because the addressing scheme for it is so well worked out.

Whenever you do anything on the net, surf to a particular website, tune into a net radio station, download a file or watch a webcast, data is travelling from that computer elsewhere on the net back to your machine.

That data only knows where to go because it knows the address of your computer. So anyone looking at the server logs for the web pages holding the questions will be able to see a list of net addresses.

However, one net address does not always lead to the same computer.

Many net service providers have a pool of net addresses far smaller than their actual number of subscribers. This is because it is unlikely that all their customers will go online at the same time. These net addresses are doled out as they are needed.

Internal networks

So, it might be possible to relate the net addresses from the server log back to people who used them, but only with the collaboration of the net service providers who allocate addresses in this way.

However, some smaller net providers let people dial in anonymously and have no way to relate net addresses to people.

Also some large organisations, such as colleges, operate their own intranets that use their own addressing schemes.

When people on these networks go on to the larger internet they again use a pool of net addresses. Only the "gatekeeping" machine knows which internal machine is getting which data.

Other identifying marks could be gleaned from the particular machines looking at the test question homepage. Depending on how they are configured browsers surrender more or less information to the servers or homepages they are looking at.

Badly configured browsers can leak all sorts of personal information such as e-mail addresses, security settings and so on.

This latter information could be used to identify individual machines if they are suspected of having been used to download the questions.